1. Field of the Invention
The present invention relates to a LAN device with which multiple clients are connected.
2. Description of the Related Art
In a network service based on the always-on connection as in the case of the Internet, a local area network (LAN) like an intranet is constructed in each facility, such as a company or a university campus. The LAN provides the environment of always-on connection with a wide area network (WAN) like the Internet via a router or a gateway. In such a LAN system, clients (computers or their users) that access the LAN can be specified. A LAN access service has been proposed recently to give permission of access to a LAN to unspecified clients. A LAN is constructed, for example, in a shop, and the users of the shop freely access the LAN to gain access to the external Internet. With recent advancement of wireless LAN, such a service is acceptable without connection of the computer to the network via cable.
A small-scaled LAN access service is readily constructed by utilizing a router for wireless LAN. A wireless LAN device is typically capable of connecting with several to ten-odd clients, and may further connect with several computers via cable. In one practical application, the wireless LAN device is installed in a small shop, such as a coffee shop or a beauty shop. A computer connected to the wireless LAN device via cable is used as a management server for controlling the LAN, and wireless access is permitted to the users of the shop.
Ensured security is an important issue in such LAN access service. In the general intranet, clients that access the intranet are relatively fixed, and a representative manager identifies users of the intranet. Each device that accesses the LAN is identified with an MAC address uniquely allocated to the device. It is accordingly easy to set permission and prohibition to each specific service. In the LAN access service, on the other hand, clients that access the LAN are unspecified, and management with MAC addresses is impractical. Non-limitation of access, however, enables each client to access data even in the management server, which may cause troubles.
One possible measure to this problem locates the management server in a different network from the LAN for the LAN access service. Another possible measure provides a VLAN switch or a firewall at a point of connection of the management server with the LAN. These measures, however, require additional equipment and are against the recent trend of providing the easy, small-scaled LAN access service.